
Re: End of hypocrisy ?



On 8/8/2014 9:53 PM, AW wrote:
> On Fri, 8 Aug 2014 20:50:14 -0400
> Steve Litt <slitt@troubleshooters.com> wrote:
> 
>  > Seventh, there's 40 years of experience with text logs. Are they
>  > perfect? No.
> 
> The thread that doesn't die --- misinformation all over the place, and some of it
> my misinformation -- sorry 'bout that.
> 
> Anyway, I feel prodded, so rebuttal...
> 
> Perfect? I should definitely say not...
> a decade or so of remote exploits in no particular order:
> 
> http://www.securityfocus.com/bid/10684/discuss
> http://xforce.iss.net/xforce/xfdb/43518
> http://cxsecurity.com/issue/WLB-2011020121
> http://www.securiteam.com/securitynews/5XP0K0U9GK.html
> http://www.juniper.net/security/auto/vulnerabilities/vuln3498.html
> http://www.linuxtoday.com/security/2000091801204SCRH
> http://www.cvedetails.com/cve/CVE-2000-0917/
> http://securitytracker.com/id/1019105
> http://www.redhat.com/archives/linux-security/1999-November/msg00013.html
> 
> systemd with its binary file format and buffered line to and from a service
> daemon will [or should] nearly automatically take care of some very nasty
> security problems that crop up from time to time... Now, imagine if the log
> was kept in an sql database secured with a public key or password or something
> dependent on the local machine, and the queries were properly escaped to
> prevent sql injection - something that would only need to be done once...
> 
> Of course all software is broken when it comes to security.  However, that's no
> reason to lay down the welcome mat.
> 
> BTW: To those complaining of Firefox's use of sqlite...
> 
> https://en.wikipedia.org/wiki/SQLlite
> 
> The browsers Google Chrome, Opera, Safari and the Android Browser all allow
> for storing information in, and retrieving it from, a SQLite database within
> the browser, using the Web SQL Database technology. Mozilla Firefox and Mozilla
> Thunderbird store a variety of configuration data (bookmarks, cookies, contacts
> etc.) in internally managed SQLite databases, and even offer an add-on to
> manage SQLite databases.
> 
> So, all major browsers except IE use sqlite.
> 
> --Andrew
> 
> 

So rather than fix the problems, you're suggesting replacing the current
system with a different one which will not only have its own set of
problems (many more than the ones I listed - which can't be fixed), but
won't necessarily fix the problems in the existing system.

It makes sense - NOT!

Jerry

